Security Vulnerabilities, CVEs, Published In May 2022 (Memory corruption)
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of an SDP message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil SDP to FreeSWITCH, causing a crash or a more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
Max CVSS
9.8
EPSS Score
2.74%
Published
2022-05-31
Updated
2023-05-24
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
Max CVSS
5.5
EPSS Score
0.08%
Published
2022-05-18
Updated
2023-02-09
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-05-26
Updated
2023-01-13
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-05-26
Updated
2023-01-13
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-05-26
Updated
2023-01-13
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Max CVSS
9.8
EPSS Score
0.17%
Published
2022-05-25
Updated
2022-06-03
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Max CVSS
7.8
EPSS Score
0.12%
Published
2022-05-09
Updated
2022-05-18
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.
Max CVSS
9.8
EPSS Score
0.23%
Published
2022-05-26
Updated
2022-06-03
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.
Max CVSS
9.8
EPSS Score
0.23%
Published
2022-05-26
Updated
2022-06-03
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request.
Max CVSS
7.5
EPSS Score
0.12%
Published
2022-05-26
Updated
2022-06-03
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.
Max CVSS
9.8
EPSS Score
0.23%
Published
2022-05-26
Updated
2022-06-03
Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set.
Max CVSS
7.5
EPSS Score
0.12%
Published
2022-05-26
Updated
2022-06-03
Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat.
Max CVSS
9.8
EPSS Score
0.23%
Published
2022-05-26
Updated
2022-06-03
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
Max CVSS
7.5
EPSS Score
0.51%
Published
2022-05-06
Updated
2022-10-14
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
Max CVSS
10.0
EPSS Score
0.54%
Published
2022-05-04
Updated
2022-12-09
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-05-18
Updated
2023-02-11
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_, in /goform/setsystimecfg of /bin/tdhttpd in the ubif file system. Attackers can access http://ip/goform/SetSysTimeCfg and, by setting the ntpserve parameter, cause a stack buffer overflow that results in router denial of service.
Max CVSS
7.5
EPSS Score
0.10%
Published
2022-05-11
Updated
2022-05-20
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
Max CVSS
7.5
EPSS Score
0.10%
Published
2022-05-13
Updated
2022-05-23
The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.
Max CVSS
9.8
EPSS Score
0.22%
Published
2022-05-13
Updated
2022-05-23
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Max CVSS
7.8
EPSS Score
0.12%
Published
2022-05-18
Updated
2022-05-26
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Max CVSS
7.8
EPSS Score
0.12%
Published
2022-05-18
Updated
2022-05-26
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Max CVSS
7.8
EPSS Score
0.13%
Published
2022-05-18
Updated
2022-05-26
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Max CVSS
7.8
EPSS Score
0.12%
Published
2022-05-18
Updated
2022-05-26
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Max CVSS
7.8
EPSS Score
0.12%
Published
2022-05-18
Updated
2022-05-26
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
Max CVSS
7.5
EPSS Score
0.09%
Published
2022-05-11
Updated
2022-05-19